2319 Commits

Author SHA1 Message Date
John Polstra
e9edb38551 Add an rc.conf knob "ldconfig_insecure" to disable ldconfig's
security checks.  Set the default to NO, i.e., secure.

Submitted by:	Maxime Henrion <mhenrion@cybercable.fr>
2000-08-11 03:26:30 +00:00
Warner Losh
dd8cf673d9 Change NOSUIDPERL to BUILD_SUIDPERL. One must now explicitly enable
building suidperl.
2000-08-10 22:55:58 +00:00
Bill Fumerola
70d25dfbce make sshd follow the pattern of enable, program, flags like every
other entry does.
2000-08-10 19:52:06 +00:00
MIHIRA Sanpei Yoshiro
1c19d8a700 add Nokia Card Phone 2.0 (gsm900/dcs1800 HSCSD terminal)
PR:		conf/20037
2000-08-10 13:43:17 +00:00
MIHIRA Sanpei Yoshiro
bee9bd2a7a I tested Toshiba Modem/LAN card IPC5001B (as Modem) and enable it.
This card has `Network/LAN adapter' function ID(06 00),
not Serial port/modem.
2000-08-10 13:24:12 +00:00
Brian Somers
3a5cb44818 Correct dodgy wild card expansion
PR:	20514
2000-08-10 10:58:44 +00:00
Brian Somers
e2323071e6 Allow a ppp_user specification to run ppp at startup
PR:		20258
2000-08-10 00:13:02 +00:00
Brian Somers
3ebdf3366d Improve purgedir():
Fix leading & trailing space handling

  Suggested by: ben

  Handle files beginning with - correctly
  Don't follow symlinks (cd /var/spool/lock; ln -s /. horror)
2000-08-09 09:23:30 +00:00
Chris Costello
9d182321ce Use shell matching instead of sed(1) to strip comments and blank lines.
Since it doesn't depend on anything in /usr, it should work with a NFS-mounted
/usr partition.

Thanks to Bruce Evans for bringing this to my attention.
2000-08-09 02:03:30 +00:00
Brian Somers
440972bd2b Don't use find(1) before nfs filesystems have been mounted as
it lives in /usr/bin.  Instead, locate files manually.

Note, only *files* under /var/spool/lock are now deleted rather
than everything that's not a directory.  I think this is more
correct, but if anyone disagrees please feel free to change it.

Problem pointed out by: bde
2000-08-08 13:30:27 +00:00
Brian Somers
bc8617937e Use ``diff -w'' for setuid.{to,yester}day comparisons
rather than ``diff -b''.
2000-08-07 09:08:35 +00:00
Ruslan Ermilov
13fa4c5e31 Make natd(8) "compatible" with firewall_type="simple".
PR:		conf/13769, conf/20197
2000-08-04 14:02:11 +00:00
David E. O'Brien
d8e52ef8e0 Update rev 1.29 -- 'draft-manning-dsua' is now in its 3rd version.
2000-07-30 19:28:05 +00:00
Brian Feldman
c32527f202 Keep urandom as a link to random (but a hard link).
2000-07-30 16:18:48 +00:00
Brian Feldman
ae7ccf4237 Since the driver supports both (and may have different semantics for
both soon...), create urandom instead of the link to random.  It's
also what makes sense according to the make_dev(9)'s in random(4).
2000-07-30 03:15:11 +00:00
Eivind Eklund
8e4a14a9fa Change the defaults for portmap, sendmail and inetd to be not running them.
Make sysinstall override this on install, so the effective behavioural
change for a newly installed system is null.  Overall, this makes a system
with an empty /etc/rc.conf not run any network services, and makes the
FreeBSD-provided network services that are running visible in /etc/rc.conf
(instead of making people look through /etc/defaults/rc.conf to find the
things they need to disable to secure the system.)

Reviewed by:	jhb
Discussed with:	The usual cabal
2000-07-28 22:45:36 +00:00
David E. O'Brien
cc29b3af28 Add this empty version of this file to make it easier for pre-4.0 users
to find.
2000-07-27 22:53:42 +00:00
Jeroen Ruigrok van der Werven
6c992c4b00 Remove all mention of LANG and MM_CHARSET.
Add hints towards login.conf(5), which should be the preferred way
to set this systemwide without having to worry about the shell used.

PR:		9245
Submitted by:	martin Kammerhofer <dada@sbox.tu-graz.ac.at>
2000-07-27 11:39:33 +00:00
Sheldon Hearn
0e2c115b95 Close a window of readability when creating the entropy seed file,
which must not be world-readable.
2000-07-24 15:14:47 +00:00
Sheldon Hearn
ae193fb45b If the initial attempt to write ${entropy_file} to /dev/random fails
and the randomdev.ko module is not resident, try to load the module and
perform the write again.

Reviewed by:	markm
2000-07-24 13:40:41 +00:00
Marcel Moolenaar
11017a687b Backout addition of -L switch to mtree. Using -L breaks the
build process in too many cases. Adding mtree to bootstrap-tools
to solve this breaks the upgrade path because mtree needs a
libc that has strtofflags and fflagstostr.
2000-07-23 16:33:00 +00:00
Jeroen Ruigrok van der Werven
4c27efd514 Add weak_mountd_authentication, which is examined in /etc/rc.network.
Setting this to YES instead of its default NO, causes mountd to be
passed the -n flag, which allows non-root users mount requests to be served.
2000-07-23 11:31:09 +00:00
Andrey A. Chernov
0ce76c7dd0 Sync
2000-07-21 15:14:05 +00:00
Andrey A. Chernov
e3b66023f2 dd is too verbose writing entropy, redirect its output to /dev/null
Add period at the end of sentence
2000-07-20 19:25:12 +00:00
Andrey A. Chernov
29ce1dd302 Sync with main termcap, SGR 24,27
2000-07-20 18:55:07 +00:00
Nick Sayer
a5213f145a Add the tap driver.
The tap driver is used to present a virtual Ethernet interface to the
system. Packets presented by the network stack to the interface are
made available to a character device in /dev. With tap and the bridge
code, you can make remote bridge configurations where both sides of
the bridge are separated by userland daemons.

This driver also has a special naming hack to allow it to serve a similar
purpose to the vmware port.

Submitted by:	myevmenkin@att.com, vsilyaev@mindspring.com
2000-07-20 17:01:10 +00:00
Andrey A. Chernov
c03054e957 Sync with main termcap (AX, latin2 mono)
2000-07-20 14:08:21 +00:00
Hajimu UMEMOTO
be8302343e Add some examples for IPv6 addresses.
PR:		conf/18614
Submitted by:	James Housley <jim@thehousleys.net>
2000-07-19 13:05:58 +00:00
Brian Somers
a964c82566 Add a default ident string and do some minor whitespace adjustments
2000-07-19 10:16:29 +00:00
Ruslan Ermilov
572c5e2af7 Add /dev/agpgart for AGP.
Reviewed by:	dfr
2000-07-19 09:21:14 +00:00
Warner Losh
034aee24de Apm device is now safe to be world readable, so make it so.
2000-07-19 06:35:58 +00:00
Hajimu UMEMOTO
6941031461 Fix an unmatched opening quote.
PR:		conf/20000
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-18 08:44:17 +00:00
Sheldon Hearn
7a414e32d7 Improve on previous commit:
Don't inhibit the trailing newline for entropy-related messages.
Try harder to save the seed file on shutdown.

Reviewed by:	markm
2000-07-17 13:39:48 +00:00
Hajimu UMEMOTO
feeff03591 If ipv6_enable is set to yes, do IPv6 setup for PCCARD ethernet
card.  This is still at starting point and end node case only.
2000-07-17 12:33:57 +00:00
Mark Murray
b74aa5644c Add entropy caching. With this, some entropy is cached at shutdown
time, and this is used to reseed the random number generator at
boot time.

NOTE - this has no hope of working if you halt(); you need to
execute rc.shutdown to get the entropy stash.
2000-07-17 12:28:58 +00:00
Mitsuru IWASAKI
575c57687f PCCard entry cleanup:
- Remove unit numbers in config lines.
- Remove all of logger lines and add logstr lines for some cards.  This
  change reduced file size from 84k to 45k.
- Use '/sbin/ifconfig $device delete' instead of /etc/pccard_ether_remove
  which hasn't been merged from PAO yet.
- Cosmetic changes.
2000-07-16 17:33:54 +00:00
MIHIRA Sanpei Yoshiro
f20f83ab5f [Merge from PAO]
add about 67 entries and rewrite 18 entries
	change Xircom CompactCard Ethernet 10 entry
		config 0x20 -> auto

Reviewed by:	iwasaki
Obtained from:	PAO3
2000-07-16 14:33:47 +00:00
Andrey A. Chernov
106beffea3 Add -L to mtree calls since defaults changed back
2000-07-16 07:58:25 +00:00
Andrzej Bialecki
65594d9e65 *** empty log message ***
2000-07-15 10:18:46 +00:00
Robert Watson
a85978584c o Display only a short fortune at the root login prompt, as large ones
scroll off our pretty /etc/motd that helps the user know what to do.
o Change reflects similar setting in /share/skel
2000-07-15 03:25:14 +00:00
Neil Blakey-Milner
e3186dd555 Add to, don't overwrite, user-settable mountd_flags.
PR:		conf/15745
Submitted by:	Vivek Khera <khera@kciLink.com>
2000-07-14 13:03:36 +00:00
Peter Wemm
97e8e70bd1 Be consistent about WITH_ vs MAKE_ flags. We have a precedent of using
MAKE_foo for things like MAKE_KERBEROS etc.  Use that.  I managed to
confuse myself last time and made make.conf different to the code. ;-(

Reported by:  Jun Kuriyama <kuriyama@FreeBSD.org>
2000-07-14 09:18:21 +00:00
Peter Wemm
4944b91311 Change various log file modes from mode 664 to 644. Allowing group
wheel to trash logfiles is not exactly good security policy.  There have
been several gid wheel holes in ports.  Various other files were changed
as well (eg: the locate database were set to more restrictive modes (444)
by their generation scripts) so this should be safe for them.  utmp and
wtmp are mode 644 already on all the systems we checked.

Submitted by:  jkb
Reviewed by:   kris
2000-07-14 01:12:50 +00:00
Warner Losh
53318022a2 Add Xircom CompactCard Ethernet CFE-10 1.00.
Seems to work great in the type II cf<->pccard adapter that came with
the card.  Others have reported with different chipsets for the pccard
bridge that additional support is needed to make this card work with
the 3.3 volts it needs.
2000-07-12 01:20:55 +00:00
Warner Losh
33d70f97bf Remove irq 13 from the list of valid IRQs. It is used by the math co and
is therefore unavailable.  Also, IRQ13 isn't connected to the pcic chip
on most laptops.
2000-07-11 17:57:01 +00:00
Warner Losh
aae7f33e58 Merge latest cards from my laptop:
o The Shining PMIDE-ASC card is also used in Road Warrior's Bullet Drive, so
  add that to the comments.
o Eiger Lab's fujitsu based ethernet card: EPX-10BT (thanks to Ryan Losh for
  donating the card to the cause).
o Add place holder entry for the 3Com Megahertz 3CXEM556.  It doesn't work
  yet, but that will change in time.
2000-07-11 17:52:41 +00:00
David Malone
7c76474a64 Get the security script to list the inode numbers of the suid files.
I've seen some script kiddie tools out there that fake the timestamps
but don't preserve the inode number.

Note - this will cause a lot of output the first time it is run!

PR:		18947
Reviewed by:	Sheldon Hearn <sheldonh@uunet.co.za>
2000-07-11 14:24:53 +00:00
MIHIRA Sanpei Yoshiro
c18552ea87 add Planex FNW-3600-TX 16bit FastEthernet DirectDock
Obtained from:	[bsd-nomads:13991] reported by Akihiro IIJIMA <aki@jp.FreeBSD.org>
2000-07-11 14:22:19 +00:00
Seigo Tanimura
fb0ef52838 Finally merge newmidi.
(I had been busy for my own research activity until the last weekend)

Supported devices:

SB Midi Port			(sbc + midi)
SB OPL3				(sbc + midi)
16550 UART			(midi, needs a trick in your hint)
CS461x Midi Port		(csa + midi)

OSS-compatible sequencer	(seq)

Supported playing software:

playmidi			(We definitely need more)

Notes:

/dev/midistat now reports installed midi drivers. /dev/sndstat reports
only pcm drivers. We need the new name(pcmstat?).

EMU8000(SB AWE) does not sound yet but does get probed so that the OPL3
synth on an AWE card works.

TODO:

MSS/PCI bridge drivers
Midi-tty interface to support general serial devices
Modules
2000-07-11 11:49:33 +00:00
MIHIRA Sanpei Yoshiro
3ce4a84317 add Billionton 56Kbps Fax Modem
PR:		18866
2000-07-10 08:31:14 +00:00